CISA Alerts on Active Exploitation of Critical Web Panel Vulnerabilities
CISA warns of a critical remote command execution vulnerability in CentOS Web Panel (CWP) that is actively exploited, urging federal agencies and organizations to apply security updates by November 25 to mitigate risks. The flaw allows unauthenticated attackers to execute arbitrary commands, impacting all versions before 0.9.8.1204, and was demonstrated on CentOS 7. The vulnerability was reported in May, patched in June, and now added to CISA's Known Exploited Vulnerabilities catalog.